[nycbug-talk] VPN vs IPsec
Okan Demirmen
okan
Sun Jul 17 15:12:15 EDT 2005
On Fri 2005.07.15 at 13:25 -0400, michael wrote:
> After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec.
>
> According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN.
>
> Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster.
>
> I know there are a lot of variables to examine, but...
> 1. Does anyone bother to secure wifi beyond WEP?
> 2. Are OpenVPN and IPsec good alternatives?
> 3. Of those which makes more sense for a wifi installation?
for all that's been said so, i'll only ask - what are your requirements?
"securing your wireless segment" can be done using different
methodologies and/or tools. i think to your list of things to look at,
think of authpf.
though, if i may say something generally - odd how much effort is put
into "encrypting" the traffic from the client to the AP. i believe
authorizing users/clients to use the AP is the important part, not so
much encrypting to/from. if i'm ssh'ing somewhere, the protocol does
that for me, same with ssl, or anything else. if i'm http'ing somewhere,
the "net" is far more of a hostile environment - why care so much? fine,
care a little if you wish.
okan
More information about the talk
mailing list